From 5d91f77f8567b52f821fa001169f80d421192d7f Mon Sep 17 00:00:00 2001
From: wanglei <34475144@qq.com>
Date: Wed, 19 Nov 2025 18:00:17 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6=EF=BC=8C=E5=B0=86OIDC=E7=9A=84OP=E7=AB=AF=E7=82=B9?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=8E=A5=E5=8F=A3=E9=85=8D=E7=BD=AE=E5=88=B0?= =?UTF-8?q?=E4=B8=80=E4=B8=AA=E6=96=87=E4=BB=B6=E4=B8=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 conf/nginx.conf | 36 ------------------------------------
 conf/system/system.conf | 5 +++++
 src/api/oauth/oauth.lua | 8 +++++++-
 src/api/oidc/config.lua | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 37 deletions(-)
 create mode 100644 src/api/oidc/config.lua
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 0a48745..c1b38ed 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -56,32 +56,10 @@ http { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; - if ($request_method = 'OPTIONS') { return 204; } - #OP端点配置 - location /yum/v1/.well-known/openid-configuration { - content_by_lua_block { - local cjson = require "cjson" - local config = { - issuer = "http://localhost:9080", - authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize", - token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token", - userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo", - --jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选) - grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token - response_types_supported = { "code" }, - subject_types_supported = { "public" }, - id_token_signing_alg_values_supported = { "HS256" }, - refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token - } - ngx.header["Content-Type"] = "application/json" - ngx.say(cjson.encode(config)) - } - } - #数据列表配置 include 'system/system.conf'; @@ -95,20 +73,6 @@ http { location /test { content_by_lua_file '${APP_PATH}/src/test/test.lua'; } - location = /testSM { - content_by_lua_block { - cjson = require "cjson.safe" - ngx.say(cjson.encode({a = 1, b = 2})) - local dict_a = ngx.shared.dict_a; - ngx.say("abc=",dict_a:get("abc")) - - -- 访问全局变量 - ngx.say("Global variable: ", global_var) - - -- 访问共享字典 - ngx.say("Shared dict value: ", dict_a:get("key")) - } - } } #server { diff --git a/conf/system/system.conf b/conf/system/system.conf index 70b8994..6b31c27 100644 --- a/conf/system/system.conf +++ b/conf/system/system.conf 
@@ -51,6 +51,11 @@ location /yum/v1/system/users { ###################################################### ### oauth2.0 + openIDC 接口文件处理 ### ###################################################### +#OP认证端点相关 +location /yum/v1/.well-known/openid-configuration { + content_by_lua_file '${APP_PATH}/src/api/oidc/config.lua'; +} + #用户认证登陆相关 location /yum/v1/oauth/v2 { content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua'; diff --git a/src/api/oauth/oauth.lua b/src/api/oauth/oauth.lua index e61ee90..49effb4 100644 --- a/src/api/oauth/oauth.lua +++ b/src/api/oauth/oauth.lua @@ -11,8 +11,14 @@ local oauthService = require("service.oauth.oauth") --定义相关路由,前端接口url地址 local routes = { -------------------------------------------- - ------------ OAuth2.0认证相关路由配置 --------- + ------------ OIDC OAuth2.0认证相关路由配置 --- -------------------------------------------- + --OP端点配置 + { + paths = { "/yum/v1/.well-known/openid-configuration" }, + methods = { "GET", "POST" }, + handler = oauthService.openidConfig, + }, --获取授权码 { paths = { "/yum/v1/oauth/v2/authorize" }, diff --git a/src/api/oidc/config.lua b/src/api/oidc/config.lua new file mode 100644 index 0000000..83ef9c2 --- /dev/null +++ b/src/api/oidc/config.lua 
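Review bot: The added `location /yum/v1/.well-known/openid-configuration` is a prefix match, so any URI that merely starts with that string is also handed to `config.lua`. The discovery document lives at one fixed path; `location = /yum/v1/.well-known/openid-configuration {` states that and keeps stray suffixes out of the handler. A one-line comment noting that this block replaces the inline `content_by_lua_block` removed from `nginx.conf` would also help the next reader.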
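Review bot: The new `routes` entry for `/yum/v1/.well-known/openid-configuration` looks unreachable and points at a handler this patch does not define: `conf/system/system.conf` in the same commit sends that path to `src/api/oidc/config.lua`, and `oauthService.openidConfig` is not added in any visible hunk. That leaves either a nil handler or a second source for the discovery document that can drift from `config.lua`, so I would keep only one of the two (drop this entry, or point the nginx location at `oauth.lua`). If the entry stays, `methods = { "GET" },` is enough for a read-only document. The `routes` table continues past the end of the hunk.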
@@ -0,0 +1,21 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/19 11:48
+--- openID Connect 认证端点配置文件
+
+local cjson = require "cjson.safe"
+local config = {
+ issuer = "http://localhost:9080",
+ authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
+ token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
+ userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
+ --jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
+ grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
+ response_types_supported = { "code" },
+ subject_types_supported = { "public" },
+ id_token_signing_alg_values_supported = { "HS256" },
+ refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
+}
+ngx.header["Content-Type"] = "application/json"
+ngx.say(cjson.encode(config))
\ No newline at end of file
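Review bot: `token_endpoint` and `userinfo_endpoint` in the new `config` table are malformed: both read `http://localhost:9080yum/...`, with no `/` between the port and the path, so a relying party that follows discovery cannot reach either endpoint. They should read `token_endpoint = "http://localhost:9080/yum/v1/oauth/v2/token",` and `userinfo_endpoint = "http://localhost:9080/yum/v1/oauth/v2/userinfo",`. The issuer and every endpoint are also hard-coded to plain-http localhost; clients compare `issuer` with the `iss` claim of the tokens they receive, so the value is better read from deployment configuration and served over https outside development. `jwks_uri` stays commented out and only `HS256` is advertised, which means ID tokens can be verified only by parties holding the shared secret; if that is intended, a comment above the table saying so would help.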